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REMARKS 

The examiner is thanked for the performance of a thorough search. By this amendment, 
Claims 1, and 17-19 have been amended. No claims have been cancelled or added. Hence, 
Claims 1-31 are pending in the application. The amendments to the claims as indicated herein 
do not add any new matter to this application. Furthermore, amendments made to the claims as 
indicated herein have been made to exclusively improve readability and clarity of the claims and 
not for the purpose of overcoming alleged prior art. 

Each issue raised in the Office Action mailed July 28, 2008 is addressed hereinafter. 

I. ISSUES NOT RELATING TO PRIOR ART 

A. CLAIM OBJECTIONS, CLAIM 18 

Claim 18 is objected to because it recites the term "when," which the Office Action 
alleges should be omitted. Claim 18 now recites "a computer-readable volatile or non- volatile 
medium storing one or more stored sequences of instructions that are accessible to the processor, 
wherein execution of the one or more stored sequences of instructions by the processor causes 
the processor to perform . . . ." Thus, Claim 18 as amended does not recite the term "when," and 
reconsideration is respectfully requested. 

B. 35U.S.C. §101 

Claim 17 is rejected under 35 U.S.C. § 101 as allegedly directed to non-statutory subject 
matter. The Office Action alleges that "means for" recited by Claim 17 "appear to be nothing 
more than computer program modules, thereby invoking 35 U.S.C. 101 as non-statutory subject 
matter." Claim 17 now recites an apparatus comprising one or more processors, which by 
definition is a machine or an article of manufacture. Thus, Claim 17 clearly recites patentable 
subject matter under 35 U.S.C. § 101. Further, Applicant's disclosure states that 
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implementations can use hardware or firmware and not merely software or printed program 
listings. Reconsideration is respectfully requested. 

II. ISSUES RELATING TO PRIOR ART 

Please note that the ordering of the issues in this response is different from the ordering in 
the Office Action. This reordering is to increase the clarity of the discussion. 
A. CLAIMS 1, 2, 11, 15, AND 16 

Claims 1, 2, 11, 15, and 16 are rejected under 35 U.S.C. § 103(a) as being unpatentable 
over U.S. Patent No. 6,944,663 to Schuba, et al. ("Schuba") in view of U.S. Patent No. 6,321,339 
to French, et al. ("French"). The rejection is respectfully traversed. 

Schuba and French are not properly combined in this rejection under 35 U.S.C. § 103(a) 
because of a lack of motivation to combine by a person of ordinary skill in the art. French 
contains no suggestion that using the method of authentication described therein would be useful 
as part of a proof-of-work approach to protect against denial of service attacks. The rationale 
asserted by the Office Action, "providing categories of access based on values associated with 
authentication outcomes," is unsupported by evidence from the references or any other source. 
Thus, it would not have been obvious to one of skill in the art to combine methods from French 
with methods from Schuba. 

Claim 1 recites: 

A method of preventing an attack on a network, the method comprising the computer- 
implemented steps of: 

receiving a request to access a resource from a user, wherein the request includes an 

accumulated work value; 
wherein the accumulated work value represents a total amount of work previously 



threshold value, and if not, requiring the user to perform a quantity of work 
as a condition for accessing the resource; 

providing the user with access to the resource; 
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determining an amount of accumulated work output value to provide to the user 

based on a volume of data communicated between the resource and the user; 

and 

wherein the accumulated work output value represents a second amount of work 

performed by the user; 
providing the accumulated work output value to the user. 

At least the above-bolded features of Claim 1 are not made obvious by Schuba or French, even 

when taken in combination under 35 U.S.C. § 103(a). 

The Office Action cites Schuba Col 3 Lines 52-58 for disclosing "receiving a request to 
access a resource from a user, wherein the request includes an accumulated work value" recited 
by Claim 1 . This is incorrect. 

The cited portion of Schuba describes a system that "receives a request for service from a 
client." In response to the request in Schuba, the system generates a random number and "selects 
a value for the parameter, n, which specifies the amount of computational work involved in 
computing the preimage x." In Schuba Col 3 Lines 59-60, the system stores the random number 
and the parameter, n, at a server and then sends those values to the client. The system of 
Schuba does not teach an accumulated work value as recited by Claim 1, nor does Schuba 
disclose any such value that is included in the client's request. Thus, Schuba fails to teach or 
suggest "receiving a request to access a resource from a user, wherein the request includes an 
accumulated work value" recited by Claim 1. It is not even alleged that French teaches this 
feature of Claim 1 . 

The Office Action cites French Col 14 Lines 1-14 for teaching "wherein the accumulated 
work value represents a total amount of work previously performed by the user and accumulated 
across multiple prior requests by the user," as recited by Claim 1. This is incorrect. 

The cited portion of French describes a "transaction record" that is used to "keep track of 
user input and authentication results." The authentication results in the transaction record "may . 
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. . be combined with the results of second level authentication ... to determine an overall 
authenticity certainty score." French's process of authentication uses queries that are directed 
from the server to the client. Thus, French fails to teach or suggest "multiple prior requests by 
the user" as recited by Claim 1. 

Furthermore, the "accumulated work value" recited in Claim 1 is included in "a request 
to access a resource" sent by a user. The transaction record, or any other value described in 
French, is not included in a user request as recited by Claim 1 . Thus, French fails to teach or 
suggest "wherein the accumulated work value represents a total amount of work previously 
performed by the user and accumulated across multiple prior requests by the user," as recited by 
Claim 1, even when taken in combination with Schuba under 35 U.S.C. 103(a). 

The Office Action cites Schuba Col 4 Lines 35-39 and Col 3 Lines 50-52 for teaching 
"determining whether the accumulated work value exceeds a required work threshold value, and 
if not, requiring the user to perform a quantity of work as a condition for accessing the resource," 
as recited by Claim 1. This is incorrect. 

Col 4 Lines 35-39 of Schuba describes verifying a client's solution of a puzzle. While 
solving the puzzle in Schuba inherently involves work on the client's part, Schuba does not teach 
an "accumulated work value" or a "required work threshold value" in any way. Also, 
determining if "the client successfully solved the client puzzle" as recited by Schuba does not 
equate to "determining whether the accumulated work value exceeds a required work threshold 
value" as recited by Claim 1. Because Schuba fails to teach "determining whether the 
accumulated work value exceeds a required work threshold value," it is impossible that 
Schuba teaches or suggests "determining whether the accumulated work value exceeds a 
required work threshold value, and if not, requiring the user to perform a quantity of work as a 
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condition for accessing the resource," as recited by Claim 1. It is not even alleged that French 
discloses this feature of Claim 1. 

The Office Action cites Schuba Col 3 Lines 53-58 for teaching "determining an amount 
of accumulated work output value to provide to the user based on a volume of data 
communicated between the resource and the user" recited by Claim 1. This is incorrect. 

As previously stated, the Col 3 Lines 53-58 of Schuba describes a system that generates a 
random number and "selects a value for the parameter, n, which specifies the amount of 
computational work involved in computing the preimage x" in response to a client request. 
Schuba fails to teach or suggest basing "an amount of accumulated work output value ... on a 
volume of data communicated between the resource and the user" as recited by Claim 1. 
More specifically, the values described in the cited portion of Schuba are either a random 
number, a transaction identifier, or a measure of the amount of computational work that goes into 
solving a puzzle. Thus, Schuba fails to teach or describe "determining an amount of 
accumulated work output value to provide to the user based on a volume of data communicated 
between the resource and the user" recited by Claim 1. It is not even alleged that French 
discloses this feature of Claim 1. 

The Office Action cites French Col 14 Lines 1-14 for teaching "wherein the accumulated 
work output value represents a second amount of work performed by the user" recited by Claim 
1 . This is incorrect. 

As previously discussed, this portion of French describes a "transaction record" that is 
used to "keep track of user input and authentication results." The authentication results in the 
transaction record "may ... be combined with the results of second level authentication ... to 
determine an overall authenticity certainty score." French's mere description of a transaction 
record that keeps track of user input is not sufficient to teach "a second amount of work 
Seq. No. 8596 15 
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performed by the user" that is "based on a volume of data communicated between the resource 
and the user" as recited by Claim 1. Thus, French fails to teach or describe "wherein the 
accumulated work output value represents a second amount of work performed by the user" 
recited by Claim 1, even when taken in combination with Schuba under 35 U.S.C. 103(a). 

The Office Action cites Schuba Col 3 Lines 55-58 for allegedly teaching "providing the 
accumulated work output value to the user" recited by Claim 1 . This is incorrect. 

The cited portion of Schuba describes specifying an "amount of computational work 
involved in computing a preimage." The cited portion of Schuba does not disclose providing a 
value to a user. Furthermore, as discussed above, Schuba fails to teach an "accumulated work 
output value" recited by Claim 1. Therefore, it is impossible that Schuba teaches or suggests 
"providing the accumulated work output value to the user" recited by Claim 1. It is not even 
alleged that French teaches this feature of Claim 1 . 

For at least these reasons, Claim 1 is patentable over Schuba and French. 

Claim 16 recites: 

A method of preventing an attack on a network, the method comprising computer-implemented 
steps of: 

receiving a request to access a resource from a user, wherein the request includes an 
accumulated work value that represents work that the resource has 
previously required the user to perform in order to obtain previous access to 
the resource; 

determining whether the accumulated work value exceeds a required work 

threshold value; and 
providing the user with access to the resource only when the accumulated work 

value exceeds a required work threshold value. 

At least the above-bolded features of Claim 16 are not made obvious by Schuba or French, even 
when considered in combination under 35 U.S.C. § 103(a). 

The Office Action cites Schuba Col 3 Lines 52-53 for allegedly teaching "receiving a 
request to access a resource from a user," and French Col 14 Lines 1-14 for disclosing "wherein 
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the request includes an accumulated work value that represents work that the resource has 
previously required the user to perform in order to obtain previous access to the resource," as 
recited by Claim 16. This is incorrect. 

As previously stated, French Col 14 Lines 1-14 describes a "transaction record" that is 
used to "keep track of user input and authentication results." The authentication results in the 
transaction record "may ... be combined with the results of second level authentication ... to 
determine an overall authenticity certainty score." However, the results of the second level 
authentication that may be combined with the original authentication results in French is not an 
"accumulated work value [that] represents work that the resource has previously required the 
user to perform in order to obtain previous access to the resource" as recited in Claim 1. The 
dual levels of authentication described in French are the result of a single request by the client. 
Thus, any work being done to obtain access to a resource in French does not include "work that 
the resource has previously required the user to perform in order to obtain previous access to the 
resource." 

Furthermore, the cited portion of Schuba describes a system that "receives a request for 
service from a client." However, Schuba fails to teach or suggest a request from a client that 
"includes an accumulated work value that represents work that the resource has previously 
required the user to perform in order to obtain previous access to the resource," as recited by 
Claim 16. Thus, French and Schuba, taken in combination under 35 U.S.C. § 103(a), fail to 
teach or suggest "receiving a request to access a resource from a user, wherein the request 
includes an accumulated work value that represents work that the resource has previously 
required the user to perform in order to obtain previous access to the resource" recited by Claim 
16. 
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The Office Action cites Schuba Col 4 Lines 35-39 for allegedly teaching "determining 
whether the accumulated work value exceeds a required work threshold value" recited by Claim 
16. This is incorrect. 

As previously stated, Col 4 Lines 35-39 of Schuba describes verifying a client's solution 
of a puzzle. While solving the puzzle in Schuba inherently involves work on the client's part, 
this portion of Schuba does not teach an "accumulated work value" or a "required work 
threshold value" in any way. Thus, determining if "the client successfully solved the client 
puzzle" as recited by Schuba does not equate to "determining whether the accumulated work 
value exceeds a required work threshold value" as recited by Claim 16. It is not even alleged 
that French discloses this feature of Claim 16. 

The Office Action cites Schuba Col 4 Lines 36-39 for allegedly teaching "providing the 
user with access to the resource only when the accumulated work value exceeds a required work 
threshold value" recited by Claim 16. This is incorrect. 

As discussed above, Schuba fails to teach or suggest "determining whether the 
accumulated work value exceeds a required work threshold value" as recited by Claim 16. Thus, 
it is impossible that Schuba discloses "providing the user with access to the resource only when 
the accumulated work value exceeds a required work threshold value" as recited by 
Claiml6. Again, it is not alleged that French discloses this feature of Claim 16. 

Therefore, for at least the above reasons, Claims 1 and 16 are patentable over Schuba and 
French, even when taken in combination under 35 U.S.C. § 103(a). Claims 11 and 15 depend 
from Claim 1 and therefore Claims 1 1 and 15 include by dependency each of the features 
described above that distinguish Claim 1 from Schuba and French. Therefore, Claims 11 and 15 
are also patentable over Schuba and French. Reconsideration is respectfully requested. 
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B. CLAIMS 17-19 

Claims 17-19 are rejected under 35 U.S.C. § 102 as being anticipated by Schuba. The 
rejection is respectfully traversed. Claims 17-19 have been amended such that these claims 
include the same features described above for Claim 1 that distinguishes Claim 1 from Schuba, 
even when taken in combination with French under 35 U.S.C. § 103(a). Thus, for the same 
reasons set forth above for Claim 1, Schuba does not anticipate Claims 17-19, even when taken 
in view of French. 

C. CLAIMS 20, 24, AND 28 

Claims 20, 24, and 28 are rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Schuba. The rejection is respectfully traversed. Claims 20, 24, and 28 depend from Claims 19, 
17, and 18 respectively, and are patentable over Schuba for at least the same reasons as those 
discussed in connection with Claims 17-19. As is discussed above, Claims 17-19 recite features 
that Schuba does not disclose. Therefore, Claims 20, 24, and 28, which inherit these features, are 
not anticipated by Schuba. 

D. CLAIMS 3-10, AND 12-14 

Claims 3-10, and 12-14 are rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Schuba in view of French and further in view of U.S. Patent No. 7,197,639 to Juels, et al. 
("Juels"). The rejection is respectfully traversed. Claims 3-10, and 12-14 depend from 
independent Claim 1, discussed above, and are patentable over the cited references for at least 
the same reasons as those discussed in connection with Claim 1. As is discussed above Claim 1 
recites features that Schuba and French do not disclose. The Office Action does not even allege 
that Juels discloses these features. Therefore, Claims 3-10, and 12-14, which inherit these 
features, are patentable over Schuba, French, and Juels, even when considered in combination, 
under 35 U.S.C. § 103(a). 
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E. CLAIMS 21-23, 25-27, AND 29-31 

Claims 21-23, 25-27, and 29-31 are rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Schuba in view of Juels. The rejection is respectfully traversed. Claims 21-23, 
25-27, and 29-31 depend from independent Claims 17-19, discussed above, and are patentable 
over the cited references for at least the same reasons as those discussed in connection with these 
independent claims. As is discussed above, Claims 17-19 recite features that Schuba does not 
disclose. The Office Action does not even allege that Juels discloses these features. Therefore, 
Claims 21-23, 25-27, and 29-31, which inherit these features, are patentable over Schuba and 
Juels, even when considered in combination, under 35 U.S.C. § 103(a). 
IE. CONCLUSIONS & MISCELLANEOUS 

For the reasons set forth above, all of the pending claims are now in condition for 
allowance. The Examiner is respectfully requested to contact the undersigned by telephone 
relating to any issue that would advance examination of the present application. 

A petition for extension of time, to the extent necessary to make this reply timely filed, is 
hereby made. If applicable, a law firm check for the petition for extension of time fee is enclosed 
herewith. If any applicable fee is missing or insufficient, throughout the pendency of this 
application, the Commissioner is hereby authorized to charge any applicable fees and to credit 
any overpayments to our Deposit Account No. 50-1302. 

Respectfully submitted, 

HICKMAN PALERMO TRUONG & BECKER LLP 

Dated: October 15, 2008 /ChristopherJPalermo#42056/ 

Christopher J. Palermo 
Reg. No. 42,056 

2055 Gateway Place Suite 550 
San Jose, California 95110-1083 
Telephone No.: (408) 414-1080 
Facsimile No.: (408) 414-1076 
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